ScreenShot
| Created | 2021.05.05 20:20 | Machine | s1_win7_x6402 |
| Filename | 5.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 38 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, Kryptik, HKSB, PWSX, Chapak, Lockbit, Outbreak, Azorult, PSWSteal, SNH2OW, score, Glupteba, R418996, ZexaF, NCW@a4mnbIpO, CLOUD, Static AI, Malicious PE, HKRT) | ||
| md5 | 870b1ebd3a6f7418f9d9651a2772431f | ||
| sha256 | dc466832b1cfeb541df94d49aea4de357c034f78bf70480c27fe265e440010bf | ||
| ssdeep | 12288:k3gFg6zftI7r0GkdamN8Zf9uoVTnSnT0fparzmr:1Fg6zG0GLhdSnTOparzy | ||
| imphash | b0ad6bf31823e1fb2677105ef8ea4f6c | ||
| impfuzzy | 48:p+Y1ygoepRtmMuDTwSRvcKd1JZNZBpdrn:p+Y4g7RtmFTwSRvcG1J1Bjn | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x493000 FindResourceA
0x493004 GetModuleHandleExA
0x493008 SystemTimeToTzSpecificLocalTime
0x49300c GetConsoleAliasA
0x493010 FlushViewOfFile
0x493014 GetModuleHandleW
0x493018 GetTickCount
0x49301c SetFileTime
0x493020 GlobalFindAtomA
0x493024 GetLocaleInfoW
0x493028 GetSystemTimeAdjustment
0x49302c GetFileAttributesA
0x493030 HeapCreate
0x493034 GetFileAttributesW
0x493038 SetTimeZoneInformation
0x49303c TerminateProcess
0x493040 ReadFile
0x493044 lstrcatA
0x493048 RaiseException
0x49304c GetConsoleOutputCP
0x493050 FreeLibraryAndExitThread
0x493054 ChangeTimerQueueTimer
0x493058 SetLastError
0x49305c GetProcAddress
0x493060 OpenWaitableTimerA
0x493064 GetAtomNameA
0x493068 GetProcessId
0x49306c OpenWaitableTimerW
0x493070 SetConsoleCursorInfo
0x493074 GetModuleHandleA
0x493078 LoadLibraryExA
0x49307c FindAtomW
0x493080 LocalFileTimeToFileTime
0x493084 CompareStringW
0x493088 CompareStringA
0x49308c GetStartupInfoW
0x493090 GetCurrentProcess
0x493094 UnhandledExceptionFilter
0x493098 SetUnhandledExceptionFilter
0x49309c IsDebuggerPresent
0x4930a0 HeapAlloc
0x4930a4 Sleep
0x4930a8 ExitProcess
0x4930ac WriteFile
0x4930b0 GetStdHandle
0x4930b4 GetModuleFileNameA
0x4930b8 GetModuleFileNameW
0x4930bc FreeEnvironmentStringsW
0x4930c0 GetEnvironmentStringsW
0x4930c4 GetCommandLineW
0x4930c8 SetHandleCount
0x4930cc GetFileType
0x4930d0 GetStartupInfoA
0x4930d4 DeleteCriticalSection
0x4930d8 TlsGetValue
0x4930dc TlsAlloc
0x4930e0 TlsSetValue
0x4930e4 TlsFree
0x4930e8 InterlockedIncrement
0x4930ec GetCurrentThreadId
0x4930f0 GetLastError
0x4930f4 InterlockedDecrement
0x4930f8 GetCurrentThread
0x4930fc HeapDestroy
0x493100 VirtualFree
0x493104 HeapFree
0x493108 QueryPerformanceCounter
0x49310c GetCurrentProcessId
0x493110 GetSystemTimeAsFileTime
0x493114 LeaveCriticalSection
0x493118 FatalAppExitA
0x49311c EnterCriticalSection
0x493120 VirtualAlloc
0x493124 HeapReAlloc
0x493128 SetConsoleCtrlHandler
0x49312c FreeLibrary
0x493130 InterlockedExchange
0x493134 LoadLibraryA
0x493138 InitializeCriticalSectionAndSpinCount
0x49313c GetCPInfo
0x493140 GetACP
0x493144 GetOEMCP
0x493148 IsValidCodePage
0x49314c RtlUnwind
0x493150 HeapSize
0x493154 GetLocaleInfoA
0x493158 WideCharToMultiByte
0x49315c GetTimeFormatA
0x493160 GetDateFormatA
0x493164 GetUserDefaultLCID
0x493168 EnumSystemLocalesA
0x49316c IsValidLocale
0x493170 GetStringTypeA
0x493174 MultiByteToWideChar
0x493178 GetStringTypeW
0x49317c LCMapStringA
0x493180 LCMapStringW
0x493184 GetTimeZoneInformation
0x493188 SetEnvironmentVariableA
USER32.dll
0x493190 GetDesktopWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x493000 FindResourceA
0x493004 GetModuleHandleExA
0x493008 SystemTimeToTzSpecificLocalTime
0x49300c GetConsoleAliasA
0x493010 FlushViewOfFile
0x493014 GetModuleHandleW
0x493018 GetTickCount
0x49301c SetFileTime
0x493020 GlobalFindAtomA
0x493024 GetLocaleInfoW
0x493028 GetSystemTimeAdjustment
0x49302c GetFileAttributesA
0x493030 HeapCreate
0x493034 GetFileAttributesW
0x493038 SetTimeZoneInformation
0x49303c TerminateProcess
0x493040 ReadFile
0x493044 lstrcatA
0x493048 RaiseException
0x49304c GetConsoleOutputCP
0x493050 FreeLibraryAndExitThread
0x493054 ChangeTimerQueueTimer
0x493058 SetLastError
0x49305c GetProcAddress
0x493060 OpenWaitableTimerA
0x493064 GetAtomNameA
0x493068 GetProcessId
0x49306c OpenWaitableTimerW
0x493070 SetConsoleCursorInfo
0x493074 GetModuleHandleA
0x493078 LoadLibraryExA
0x49307c FindAtomW
0x493080 LocalFileTimeToFileTime
0x493084 CompareStringW
0x493088 CompareStringA
0x49308c GetStartupInfoW
0x493090 GetCurrentProcess
0x493094 UnhandledExceptionFilter
0x493098 SetUnhandledExceptionFilter
0x49309c IsDebuggerPresent
0x4930a0 HeapAlloc
0x4930a4 Sleep
0x4930a8 ExitProcess
0x4930ac WriteFile
0x4930b0 GetStdHandle
0x4930b4 GetModuleFileNameA
0x4930b8 GetModuleFileNameW
0x4930bc FreeEnvironmentStringsW
0x4930c0 GetEnvironmentStringsW
0x4930c4 GetCommandLineW
0x4930c8 SetHandleCount
0x4930cc GetFileType
0x4930d0 GetStartupInfoA
0x4930d4 DeleteCriticalSection
0x4930d8 TlsGetValue
0x4930dc TlsAlloc
0x4930e0 TlsSetValue
0x4930e4 TlsFree
0x4930e8 InterlockedIncrement
0x4930ec GetCurrentThreadId
0x4930f0 GetLastError
0x4930f4 InterlockedDecrement
0x4930f8 GetCurrentThread
0x4930fc HeapDestroy
0x493100 VirtualFree
0x493104 HeapFree
0x493108 QueryPerformanceCounter
0x49310c GetCurrentProcessId
0x493110 GetSystemTimeAsFileTime
0x493114 LeaveCriticalSection
0x493118 FatalAppExitA
0x49311c EnterCriticalSection
0x493120 VirtualAlloc
0x493124 HeapReAlloc
0x493128 SetConsoleCtrlHandler
0x49312c FreeLibrary
0x493130 InterlockedExchange
0x493134 LoadLibraryA
0x493138 InitializeCriticalSectionAndSpinCount
0x49313c GetCPInfo
0x493140 GetACP
0x493144 GetOEMCP
0x493148 IsValidCodePage
0x49314c RtlUnwind
0x493150 HeapSize
0x493154 GetLocaleInfoA
0x493158 WideCharToMultiByte
0x49315c GetTimeFormatA
0x493160 GetDateFormatA
0x493164 GetUserDefaultLCID
0x493168 EnumSystemLocalesA
0x49316c IsValidLocale
0x493170 GetStringTypeA
0x493174 MultiByteToWideChar
0x493178 GetStringTypeW
0x49317c LCMapStringA
0x493180 LCMapStringW
0x493184 GetTimeZoneInformation
0x493188 SetEnvironmentVariableA
USER32.dll
0x493190 GetDesktopWindow
EAT(Export Address Table) is none